Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'

git-subtree-dir: nixpkgs git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199
author: Alyssa Ross <hi@alyssa.is> 2019-01-07 02:18:36 +0000
committer: Alyssa Ross <hi@alyssa.is> 2019-01-07 02:18:47 +0000
commit: 36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch)
tree: b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/development/libraries/openssl
parent: 4e31070265257dc67d120c27e0f75c2344fdfa9a (diff)
parent: abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff)
download: nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.gz
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.bz2
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.lz
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.xz
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.zst
nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.zip
6 files changed, 280 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..5765409fdd57
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
@@ -0,0 +1,16 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index e6d0e6e1a6..b89456fd87 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -97,7 +97,10 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = ossl_safe_getenv(X509_get_default_cert_file_env());
++            file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++
++            if (!file)
++                file = ossl_safe_getenv(X509_get_default_cert_file_env());
+ 
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch
new file mode 100644
index 000000000000..3d9ee7e6a822
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h	2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h	2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+ 
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ # else
+ #  define X509_CERT_AREA          "SSLROOT:[000000]"
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch
new file mode 100644
index 000000000000..813c6bdf44ab
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h	2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h	2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+ 
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/etc/ssl/certs/ca-certificates.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ # else
+ #  define X509_CERT_AREA          "SSLROOT:[000000]"
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch b/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..9e871cfb1d31
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 244512c935..f0b70d7ea1 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = ossl_safe_getenv(X509_get_default_cert_file_env());
++            file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++            if (!file)
++                file = ossl_safe_getenv(X509_get_default_cert_file_env());
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
+                                               X509_FILETYPE_PEM) != 0);
diff --git a/nixpkgs/pkgs/development/libraries/openssl/chacha.nix b/nixpkgs/pkgs/development/libraries/openssl/chacha.nix
new file mode 100644
index 000000000000..f07ebad9e810
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/chacha.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchFromGitHub, perl, zlib
+, withCryptodev ? false, cryptodev
+}:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+  name = "openssl-chacha-${version}";
+  version = "2016-08-22";
+
+  src = fetchFromGitHub {
+    owner = "PeterMosmans";
+    repo = "openssl";
+    rev = "293717318e903b95f4d7e83a98a087282f37efc3";
+    sha256 = "134j3anjnj2q99xsd8d47bwvjp73qkdsimdd9riyjxa3hd8ysr00";
+  };
+
+  outputs = [ "bin" "dev" "out" "man" ];
+  setOutputFlags = false;
+
+  nativeBuildInputs = [ perl zlib ];
+  buildInputs = stdenv.lib.optional withCryptodev cryptodev;
+
+  configureScript = "./config";
+
+  configureFlags = [
+    "zlib"
+    "shared"
+    "experimental-jpake"
+    "enable-md2"
+    "enable-rc5"
+    "enable-rfc3779"
+    "enable-gost"
+    "--libdir=lib"
+    "--openssldir=etc/ssl"
+  ] ++ stdenv.lib.optionals withCryptodev [
+    "-DHAVE_CRYPTODEV"
+    "-DUSE_CRYPTODEV_DIGESTS"
+  ];
+
+  makeFlags = [
+    "MANDIR=$(man)/share/man"
+  ];
+
+  # Parallel building is broken in OpenSSL.
+  enableParallelBuilding = false;
+
+  postInstall = ''
+    # If we're building dynamic libraries, then don't install static
+    # libraries.
+    if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+        rm "$out/lib/"*.a
+    fi
+
+    mkdir -p $bin
+    mv $out/bin $bin/
+
+    mkdir $dev
+    mv $out/include $dev/
+
+    # remove dependency on Perl at runtime
+    rm -r $out/etc/ssl/misc
+
+    rmdir $out/etc/ssl/{certs,private}
+  '';
+
+  postFixup = ''
+    # Check to make sure we don't depend on perl
+    if grep -r '${perl}' $out; then
+      echo "Found an erroneous dependency on perl ^^^" >&2
+      exit 1
+    fi
+  '';
+
+  meta = {
+    homepage = https://www.openssl.org/;
+    description = "A cryptographic library that implements the SSL and TLS protocols";
+    platforms = [ "x86_64-linux" ];
+    maintainers = [ stdenv.lib.maintainers.cstrahan ];
+    license = licenses.openssl;
+    priority = 10; # resolves collision with ‘man-pages’
+  };
+}
diff --git a/nixpkgs/pkgs/development/libraries/openssl/default.nix b/nixpkgs/pkgs/development/libraries/openssl/default.nix
new file mode 100644
index 000000000000..32fd6e727f7d
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/default.nix
@@ -0,0 +1,141 @@
+{ stdenv, fetchurl, buildPackages, perl, coreutils
+, withCryptodev ? false, cryptodev
+, enableSSL2 ? false
+, static ? false
+}:
+
+with stdenv.lib;
+
+let
+  common = args@{ version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
+    name = "openssl-${version}";
+
+    src = fetchurl {
+      url = "https://www.openssl.org/source/${name}.tar.gz";
+      inherit sha256;
+    };
+
+    inherit patches;
+
+    postPatch = ''
+      patchShebangs Configure
+    '' + optionalString (versionOlder version "1.1.0") ''
+      patchShebangs test/*
+      for a in test/t* ; do
+        substituteInPlace "$a" \
+          --replace /bin/rm rm
+      done
+    '' + optionalString (versionAtLeast version "1.1.1") ''
+      substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env'
+    '' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) ''
+      substituteInPlace crypto/async/arch/async_posix.h \
+        --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
+                  '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0'
+    '';
+
+    outputs = [ "bin" "dev" "out" "man" ] ++ optional withDocs "doc";
+    setOutputFlags = false;
+    separateDebugInfo = stdenv.hostPlatform.isLinux;
+
+    nativeBuildInputs = [ perl ];
+    buildInputs = stdenv.lib.optional withCryptodev cryptodev;
+
+    # TODO(@Ericson2314): Improve with mass rebuild
+    configurePlatforms = [];
+    configureScript = {
+        "x86_64-darwin"  = "./Configure darwin64-x86_64-cc";
+        "x86_64-solaris" = "./Configure solaris64-x86_64-gcc";
+        "armv6l-linux" = "./Configure linux-armv4 -march=armv6";
+        "armv7l-linux" = "./Configure linux-armv4 -march=armv7-a";
+      }.${stdenv.hostPlatform.system} or (
+        if stdenv.hostPlatform == stdenv.buildPlatform
+          then "./config"
+        else if stdenv.hostPlatform.isMinGW
+          then "./Configure mingw${optionalString
+                                     (stdenv.hostPlatform.parsed.cpu.bits != 32)
+                                     (toString stdenv.hostPlatform.parsed.cpu.bits)}"
+        else if stdenv.hostPlatform.isLinux
+          then "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
+        else if stdenv.hostPlatform.isiOS
+          then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
+        else
+          throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
+      );
+
+    configureFlags = [
+      "shared" # "shared" builds both shared and static libraries
+      "--libdir=lib"
+      "--openssldir=etc/ssl"
+    ] ++ stdenv.lib.optionals withCryptodev [
+      "-DHAVE_CRYPTODEV"
+      "-DUSE_CRYPTODEV_DIGESTS"
+    ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2"
+      ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng";
+
+    makeFlags = [ "MANDIR=$(man)/share/man" ];
+
+    enableParallelBuilding = true;
+
+    postInstall =
+    stdenv.lib.optionalString (!static) ''
+      # If we're building dynamic libraries, then don't install static
+      # libraries.
+      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+          rm "$out/lib/"*.a
+      fi
+
+    '' +
+    ''
+      mkdir -p $bin
+      substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl}
+      mv $out/bin $bin/
+
+      mkdir $dev
+      mv $out/include $dev/
+
+      # remove dependency on Perl at runtime
+      rm -r $out/etc/ssl/misc
+
+      rmdir $out/etc/ssl/{certs,private}
+    '';
+
+    postFixup = ''
+      # Check to make sure the main output doesn't depend on perl
+      if grep -r '${buildPackages.perl}' $out; then
+        echo "Found an erroneous dependency on perl ^^^" >&2
+        exit 1
+      fi
+    '';
+
+    meta = with stdenv.lib; {
+      homepage = https://www.openssl.org/;
+      description = "A cryptographic library that implements the SSL and TLS protocols";
+      license = licenses.openssl;
+      platforms = platforms.all;
+      maintainers = [ maintainers.peti ];
+      priority = 10; # resolves collision with ‘man-pages’
+    };
+  };
+
+in {
+
+  openssl_1_0_2 = common {
+    version = "1.0.2q";
+    sha256 = "115nisqy7kazbg6br2wrcra9nphyph1l4dgp563b9cf2rv5wyi2p";
+    patches = [
+      ./1.0.2/nix-ssl-cert-file.patch
+
+      (if stdenv.hostPlatform.isDarwin
+       then ./1.0.2/use-etc-ssl-certs-darwin.patch
+       else ./1.0.2/use-etc-ssl-certs.patch)
+    ];
+  };
+
+  openssl_1_1 = common {
+    version = "1.1.1a";
+    sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
+    patches = [ ./1.1/nix-ssl-cert-file.patch ];
+    withDocs = true;
+  };
+
+}
author	Alyssa Ross <hi@alyssa.is>	2019-01-07 02:18:36 +0000
committer	Alyssa Ross <hi@alyssa.is>	2019-01-07 02:18:47 +0000
commit	36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch)
tree	b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/development/libraries/openssl
parent	4e31070265257dc67d120c27e0f75c2344fdfa9a (diff)
parent	abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff)
download	nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.gz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.bz2 nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.lz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.xz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.zst nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.zip